Close #3199 Add Make Latest Options. #8806
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Security workflow | |
on: | |
schedule: | |
- cron: '0 13 * * *' | |
pull_request: | |
push: | |
branches: | |
- '*' | |
jobs: | |
dependency-audit: | |
name: Dependency Check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.3' | |
- name: Find the push source branch name | |
if: ${{ github.event_name != 'pull_request' }} | |
run: echo "AZ_TRIMMED_REF=${GITHUB_REF#refs/*/}" >> ${GITHUB_ENV} | |
- name: Find the pull request source branch name | |
if: ${{ github.event_name == 'pull_request' }} | |
run: echo "AZ_TRIMMED_REF=${GITHUB_HEAD_REF}" >> ${GITHUB_ENV} | |
- name: Set variables | |
run: | | |
if [ $(git ls-remote --heads https://github.com/az-digital/az-quickstart-scaffolding.git $AZ_TRIMMED_REF | wc -l) = 1 ]; then | |
echo "SCAFFOLD_BRANCH=${AZ_TRIMMED_REF}" >> ${GITHUB_ENV} | |
else | |
echo "SCAFFOLD_BRANCH=main" >> ${GITHUB_ENV} | |
fi | |
if [ $(git ls-remote --heads https://github.com/az-digital/az-quickstart-dev.git $AZ_TRIMMED_REF | wc -l) = 1 ]; then | |
echo "DEV_PACKAGE_BRANCH=${AZ_TRIMMED_REF}" >> ${GITHUB_ENV} | |
else | |
echo "DEV_PACKAGE_BRANCH=main" >> ${GITHUB_ENV} | |
fi | |
- name: Clone scaffolding repo | |
uses: actions/checkout@v4 | |
with: | |
repository: az-digital/az-quickstart-scaffolding | |
path: az-quickstart-scaffolding | |
ref: ${{ env.SCAFFOLD_BRANCH }} | |
- name: Install dependencies | |
run: | | |
cd az-quickstart-scaffolding | |
composer config repositories.az_quickstart vcs https://github.com/az-digital/az_quickstart.git | |
composer config use-github-api false | |
./quickstart_branch.sh --branch ${AZ_TRIMMED_REF} | |
composer require --no-update --dev az-digital/az-quickstart-dev:dev-${DEV_PACKAGE_BRANCH} | |
composer install -o | |
- name: Check dependencies for vulnerabilities | |
uses: symfonycorp/security-checker-action@v5 | |
with: | |
lock: az-quickstart-scaffolding/composer.lock | |
code-check: | |
name: Static Code Check | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: '8.3' | |
- name: Find the push source branch name | |
if: ${{ github.event_name != 'pull_request' }} | |
run: echo "AZ_TRIMMED_REF=${GITHUB_REF#refs/*/}" >> ${GITHUB_ENV} | |
- name: Find the pull request source branch name | |
if: ${{ github.event_name == 'pull_request' }} | |
run: echo "AZ_TRIMMED_REF=${GITHUB_HEAD_REF}" >> ${GITHUB_ENV} | |
- name: Install dependencies | |
run: | | |
if [ $(git ls-remote --heads https://github.com/az-digital/az-quickstart-scaffolding.git $AZ_TRIMMED_REF | wc -l) = 1 ]; then SCAFFOLD_BRANCH="$AZ_TRIMMED_REF"; else SCAFFOLD_BRANCH=main; fi | |
if [ $(git ls-remote --heads https://github.com/az-digital/az-quickstart-dev.git $AZ_TRIMMED_REF | wc -l) = 1 ]; then DEV_PACKAGE_BRANCH="$AZ_TRIMMED_REF"; else DEV_PACKAGE_BRANCH=main; fi | |
git clone --branch $SCAFFOLD_BRANCH https://github.com/az-digital/az-quickstart-scaffolding.git | |
cd az-quickstart-scaffolding | |
composer config repositories.az_quickstart vcs https://github.com/az-digital/az_quickstart.git | |
composer config use-github-api false | |
./quickstart_branch.sh --branch ${AZ_TRIMMED_REF} | |
composer require --no-update --dev az-digital/az-quickstart-dev:dev-${DEV_PACKAGE_BRANCH} | |
composer install -o | |
- name: Run static code analysis | |
run: | | |
cd az-quickstart-scaffolding | |
composer phpcs |